Re: Programming skills for Pen Testers

[FocusHacks <focushacks () gmail com>]

I honestly don't think that programming in C is any sort of a
prerequisite for a penetration tester.  It's perhaps a pre-requisite
for a security researcher.

There was a discussion not long ago where we talked about how many
pen-testers actually sit down, wade through other peoples' code look
for exploitable code, and write PoC code.  Not many pen-testers do
this.  First off, if a person has those sort of skills, they can
probably make more money in development QA than they can as a
pen-tester, and next off, that sort of task takes a LOT of time, and
they wouldn't have enough time in a week to get any pen-tests in, if
they were sitting in front of a computer all day long grokking code.

C++ is object oriented C.  If you learn C++, you'll learn C, and if
you learn C, learning C++ isn't hard, but learning how to think
object-oriented causes some people problems.

Most normal UNIX stuff is just written in plain old vanilla C, though.

On 2/9/06, johnny Mnemonic <security4thefainthearted () hotmail com> wrote:
> ok we all know that in addition to good network, host and application
> security skills, programming in C is a pre-requisite for a decent pen tester
> or at least one who wants to write their own security tools or simply audit
> the open source code they use. My question is, despite their similarities
> should a pen tester be concentrating on C or C++ ? That's it!
>
> Thanks.
>
> _________________________________________________________________
> Get MSN Hotmail alerts on your mobile.
> http://mobile.msn.com/ac.aspx?cid=uuhp_hotmail
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner:
>
> Hackers are concentrating their efforts on attacking applications on your
> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
> futile against web application hacking. Check your website for vulnerabilities
> to SQL injection, Cross site scripting and other web attacks before hackers do!
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------


--
http://www.FocusHacks.com - The Ford Focus Modification Site!

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------